DETAILED ACTION

1. Claims 1-31 are pending.



Claim Rejections - 35 USC §102 

2. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the
basis for the rejections under this section made in this Office action:
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 21(2) of such treaty in the English language.

3. Claims 1-9, 12, 13, 30, 31 are rejected under 35 U.S.C. 102(e) as being anticipated by 
Challener et al., US patent 6,654,886. 

In reference to claim 1:

Challener et al. discloses a user authentication method comprising: 

• Obtaining a user identification (ID) recognizable by an enterprise access management 
(EAM) system, where the user ID is obtained from within the login token. (Column 3, 
lines 15-20)

• Generating a login request based upon said user ID, said login request being void of a
user password corresponding to said user ID, where the login request that is generated is 
a login token. (Column 3, lines 7-20) & (Figure 4, Item 404) 

• Evaluating said login request with a processing module compatible with said EAM 
system. Figure 7, Item 708. 

In reference to claim 2: 

Challener et al. (Figure 7, Item 708 and 712) discloses a method according to claim 1, wherein 
said evaluating step comprises determining whether said login request was generated by a trusted 
source, where the evaluation determines if the hardware is approved by matching it with the 
login tokens in the access registry. 

In reference to claim 3: 

Challener et al. (Figure 7, Item 708 and 712 & 404) discloses a method according to claim 1, 
wherein said evaluating step comprises validating said user ID, where the token is validated, and 
the ID is a part of the token.

In reference to claim 4: 

Challener et al. (Figure 7, Item 708 and 712) discloses a method according to claim 3, further 
comprising said EAM system performing an access management action if said validating step 
validates said user ID, where the access management action is the allowance of access to the 
service if the token is validated in 708.

In reference to claim 5:

Challener et al. (Figure 3) & (Column 5, lines 37-52) discloses a method according to claim 1, 
wherein said user ID represents a user authenticated by a system independent of said EAM 
system, where the system depicted is its own server and independent of the validation and access
control mechanism. 

In reference to claim 6: 

Challener et al. discloses a user authentication method comprising: 

• Obtaining a user identification (ID) recognizable by an enterprise access management 
(EAM) system, where the user ID is obtained from within the login token. (Column 3, 
lines 15-20) 

• Creating an encrypted expression based upon said user ID, where the encrypted 
expression is the encrypted token which contains the user ID. (Figure 4, Item 406) 

• Sending said encrypted expression to a processing module compatible with said EAM 
system. (Figure 4, Item 408) 

In reference to claim 7: 

Challener et al. discloses a method according to claim 6, further comprising generating a login 
request that includes said encrypted expression. (Figure 4, Items 404 & 406)

In reference to claim 8:

Challener et al. discloses a method according to claim 7, wherein said encrypted expression is 
sent to said processing module with said login request. (Figure 4, Items 404 & 408) 

In reference to claim 9: 

Challener et al. discloses a method according to claim 7, wherein said login request is void of a 
user password corresponding to said user ID. (Figure 4, Items 404) 

Claim 12 is rejected for the same reasons as claim 2. 

In reference to claim 13: 

Challener et al. discloses a method according to claim 13, further comprising performing a 
parameter based upon user ID, where the parameter is the token. (Figure 4, Item 404) 

Claim 30 is rejected for the same reasons as claim 6. 
Claim 31 is rejected for the same reasons as claim 2.

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all
obviousness rejections set forth in this Office action:

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the
manner in which the invention was made. 

5. Claims 10, 11, 14-29 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Challener et al. and Scheidt et al., US patent 6,490,680. 

In reference to claim 10: 

Challener et al. fails to disclose a method according to claim 6, wherein said creating step 
encrypts a hash to create said encrypted expression.

Challener et al. discloses that the token is digitally signed (encrypted with a private key) and
used. (Column 5, line 65 - Column 6, line 5) 

Scheidt et al. (Column 14, lines 1-10) discloses an access control system in which digitally 
signed user information is also used, and is hashed and encrypted. 

Scheidt et al. discloses that the advantages of this particular embodiment allows "privacy and 
data integrity without regard to data origin authentication and nonrepudiation" (Column 13, 
lines 65-67) 

It would have been obvious to one of ordinary skill in the art at the time of invention to use the 
token of Scheidt et al. and hash the user information (token) to create an encrypted expression in
order to allow for stand alone privacy and data integrity without having to consider complicating
factors such as nonrepudiation and data origin authentication. 

In reference to claim 11:

Challener et al. and Scheidt et al. (Column 14, lines 1-10) discloses a method according to claim 
10, further comprising performing a hashing operation on a string to compute said hash, wherein 
said string is based upon said user ID, where the string is inherent. The hashing operation is 
performed on the digital token, which is nothing more than a digital string of 1 and 0 bits.

In reference to claim 14: 

Scheidt et al. (Column 14, lines 1-10) discloses a method according to claim 1, further 
comprising performing a hashing operation on said parameter to compute a hash. 

In reference to claim 15: 

Scheidt et al. disclose a method according to claim 14 further comprising: 

• Encrypting said hash to create a first encrypted expression (Column 14, lines 1-14) 

• Extracting a second encrypted expression from said parameter, where the second 
encrypted expression is the computed MDC. (Column 14, lines 5-9) 

Neither Challener et al. nor Scheidt et al. discloses a method according to claim 14, further
comprising:

• Comparing said first encrypted expression to said second encrypted expression, where the
encrypted expression is compared. 

Rather Scheidt et al. appears to decrypt the first encrypted expression before the comparison. 

It would have been obvious to one of ordinary skill in the art at the time of invention to simply 
compare the encrypted expressions rather than decrypting and then comparing the expressions
because it would be faster and save the computational effort of computing the decryption, 
although potentially at the expense of some security. 

In reference to claim 16: 

With regard to the combination in the rejection of claim 15, Challener et al. (Figure 7, Item 708 
and 712 & 404) & Scheidt et al. (Column 14, lines 1-10) discloses a method according to claim 
15, further comprising validating said login request if said comparing step results in a match
between said first encrypted expression and said second encrypted expression, where the 
encrypted hashed expression are compared, and accepted as authentic if the values match. 

In reference to claim 17: 

Challener et al. (Figure 7, Item 708 and 712 & 404) discloses a method according to claim 16, 
further comprising said EAM system performing an access management action if said validating 
step validates said login request, where upon validation the client is allowed access.

In reference to claim 18:

Scheidt et al. (Column 14, lines 1-10) discloses a method according to claim 14, further 
comprising: 

• Extracting an encrypted expression from said parameter. 

• Decrypting said encrypted expression to obtain a second hash. 

• Comparing said hash to said second hash. 

In reference to claim 19: 

Scheidt et al. (Column 14, lines 1-10) discloses a method according to claim 18, further
comprising validating said login request if said comparing results in a match between said hash 
and said second hash. 

In reference to claim 20: 

Challener et al. (Figure 7, Item 708 and 712 & 404) discloses a method according to claim 19, further
comprising said EAM system performing an access management action if said validating step 
validates said user ID. 

Claim 21 is rejected for the same reasons as claims 1, 11 and 14.

In reference to claim 22:

Challener et al. fails to disclose a method according to claim 21, wherein said encrypting step 
utilizes a symmetric encryption algorithm.

Challener et al. discloses the use of a public encryption algorithm in the encrypting step.
(Column 5, lines 37-52) 

The Examiner takes official notice that symmetric encryption was well known at the time of 
invention. 

It would have been obvious to one of ordinary skill in the art at the time of invention to use 
symmetric key encryption because it is faster and simpler than public key encryption, although 
less secure. 

Claim 23 is rejected for the same reasons as claim 11.

In reference to claim 24:

Challener et al. (Figure 7, Item 702 and 704) discloses a method according to claim 21, further 
comprising receiving said login request at a processing module compatible with said EAM
system, where the login request is received at the client and is compatible with the system as 
shown in the diagram. 

In reference to claim 25: 

Scheidt et al. (Column 14, lines 1-10) discloses a method according to claim 24, further 
comprising said processing module: 

• Generating said string from parameters included with said login request 

• Performing said hashing operation on said string to compute a second hash.

Claim 26 is rejected for the same reasons as claim 15.
Claim 27 is rejected for the same reasons as claim 16. 
Claim 28 is rejected for the same reasons as claim 18. 
Claim 29 is rejected for the same reasons as claim 19. 



Conclusion 

6. The following art not relied upon is made of record. 

• US patent 5,907,621 Bachman et al. discloses a login system that compares two login
tokens and allows access based on that comparison. 

• US patent 6,490,682 discloses a logon verification protocol. 

• US patent 6515988 discloses token based document transactions that discloses a string 
from a login token that is then hashed and encrypted. 



7. Any inquiry concerning this communication from the examiner should be directed to
Thomas M Ho whose telephone number is (571)272-3835. The examiner can normally be 
reached on M-F from 9:30 AM - 6:00 PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
Gregory A. Morse can be reached on (571)272-3838.

The Examiner may also be reached through email through Thomas.Ho6@u^

Any inquiry of a general nature or relating to the status of this application or proceeding should
be directed to the receptionist whose telephone number is (571)272-2100.

General Information/Receptionist Telephone: 571-272-2100 Fax: 703-872-9306
Customer Service Representative Telephone: 571-272-2100 Fax: 703-872-9306 

TMH 

March 30, 2005





